Documentation ¶
Index ¶
- Constants
- func Compress(data []byte) []byte
- func Contains(list []string, target string) bool
- func ContainsAny(list, targets []string) bool
- func ContainsInt(list []int, target int) bool
- func ContainsWildcard(patterns []string, target string) bool
- func CopyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error)
- func CopyNBuffer(dst io.Writer, src io.Reader, n int64, buf []byte) (written int64, err error)
- func Decompress(data []byte) ([]byte, error)
- func DoFileMigration(migration FileMigration) error
- func FileExists(filePath string) bool
- func FormatByteCount(bytes uint64) string
- func GenerateAuthenticatedDataPackageKeys() (string, string, error)
- func GenerateWebServerCertificate(commonName string) (string, string, error)
- func GetCurrentTimestamp() string
- func GetInterfaceIPAddresses(interfaceName string) (net.IP, net.IP, error)
- func GetRoutableInterfaceIPAddresses() (net.IP, net.IP, error)
- func GetStringSlice(value interface{}) ([]string, bool)
- func IPAddressFromAddr(addr net.Addr) string
- func MakeSecureRandomBytes(length int) ([]byte, error)
- func NewAuthenticatedDataPackageReader(dataPackage io.ReadSeeker, signingPublicKey string) (io.Reader, error)
- func PortFromAddr(addr net.Addr) int
- func ReadAuthenticatedDataPackage(dataPackage []byte, isCompressed bool, signingPublicKey string) (string, error)
- func TerminateHTTPConnection(responseWriter http.ResponseWriter, request *http.Request)
- func TruncateTimestampToHour(timestamp string) string
- func WriteAuthenticatedDataPackage(data string, signingPublicKey, signingPrivateKey string) ([]byte, error)
- func WriteRuntimeProfiles(logger Logger, outputDirectory string, filenameSuffix string, ...)
- type APIParameterLogFieldFormatter
- type APIParameterValidator
- type APIParameters
- type ActivityMonitoredConn
- func (conn *ActivityMonitoredConn) GetActiveDuration() time.Duration
- func (conn *ActivityMonitoredConn) GetLastActivityMonotime() monotime.Time
- func (conn *ActivityMonitoredConn) GetStartTime() time.Time
- func (conn *ActivityMonitoredConn) IsClosed() bool
- func (conn *ActivityMonitoredConn) Read(buffer []byte) (int, error)
- func (conn *ActivityMonitoredConn) Write(buffer []byte) (int, error)
- type ActivityUpdater
- type AuthenticatedDataPackage
- type CloseWriter
- type Closer
- type Conns
- type FileMigration
- type GeoIPData
- type IrregularIndicator
- type LRUConns
- type LRUConnsEntry
- type LogFields
- type LogTrace
- type Logger
- type MetricsSource
- type NetDialer
- type RateLimits
- type ReloadableFile
- type Reloader
- type SubnetLookup
- type ThrottledConn
Constants ¶
const RFC3339Milli = "2006-01-02T15:04:05.000Z07:00"
Variables ¶
This section is empty.
Functions ¶
func Contains ¶
Contains is a helper function that returns true if the target string is in the list.
func ContainsAny ¶ added in v1.0.5
ContainsAny returns true if any string in targets is present in the list.
func ContainsInt ¶ added in v1.0.5
ContainsInt returns true if the target int is in the list.
func ContainsWildcard ¶ added in v1.0.6
ContainsWildcard returns true if target matches any of the patterns. Patterns may contain the '*' wildcard.
func CopyBuffer ¶
CopyBuffer calls io.CopyBuffer, masking out any src.WriteTo or dst.ReadFrom to force use of the specified buf.
func CopyNBuffer ¶ added in v1.0.9
func Decompress ¶
Decompress returns the zlib-decompressed data.
func DoFileMigration ¶
func DoFileMigration(migration FileMigration) error
DoFileMigration performs the specified file move operation. An error will be returned and the operation will not be performed if: a file is expected, but a directory is found; a directory is expected, but a file is found; or a file, or directory, already exists at the target path of the move operation.
func FileExists ¶
FileExists returns true if a file, or directory, exists at the given path.
func FormatByteCount ¶ added in v1.0.5
FormatByteCount returns a string representation of the specified byte count in conventional, human-readable format.
func GenerateAuthenticatedDataPackageKeys ¶
GenerateAuthenticatedDataPackageKeys generates a key pair to be used to sign and verify AuthenticatedDataPackages.
func GenerateWebServerCertificate ¶ added in v1.0.7
GenerateWebServerCertificate creates a self-signed web server certificate, using the specified host name (commonName). This is primarily intended for use by MeekServer to generate on-the-fly, self-signed TLS certificates for fronted HTTPS mode. In this case, the nature of the certificate is non-circumvention; it only has to be acceptable to the front CDN making connections to meek. The same certificates are used for unfronted HTTPS meek. In this case, the certificates may be a fingerprint used to detect Psiphon servers or traffic. TODO: more effort to mitigate fingerprinting these certificates.
In addition, GenerateWebServerCertificate is used by GenerateConfig to create Psiphon web server certificates for test/example configurations. If these Psiphon web server certificates are used in production, the same caveats about fingerprints apply.
func GetCurrentTimestamp ¶
func GetCurrentTimestamp() string
GetCurrentTimestamp returns the current time in UTC as an RFC 3339 formatted string.
func GetInterfaceIPAddresses ¶ added in v1.0.5
GetInterfaceIPAddresses takes an interface name, such as "eth0", and returns the first IPv4 and IPv6 addresses associated with it. Either the IPv4 or the IPv6 address may be nil. If neither type of address is found, an error is returned.
func GetRoutableInterfaceIPAddresses ¶
GetRoutableInterfaceIPAddresses returns GetInterfaceIPAddresses values for the first non-loopback, non-point-to-point network interface on the host that has an IP address.
func GetStringSlice ¶ added in v1.0.5
GetStringSlice converts an interface{} which is of type []interface{}, and with the type of each element a string, to []string.
func IPAddressFromAddr ¶
IPAddressFromAddr is a helper which extracts an IP address from a net.Addr or returns "" if there is no IP address.
func MakeSecureRandomBytes ¶
MakeSecureRandomBytes is a helper function that wraps crypto/rand.Read.
func NewAuthenticatedDataPackageReader ¶ added in v1.0.5
func NewAuthenticatedDataPackageReader(
	dataPackage io.ReadSeeker, signingPublicKey string) (io.Reader, error)
NewAuthenticatedDataPackageReader extracts and verifies authenticated data from an AuthenticatedDataPackage stored in the specified file. The package must have been signed with the given key. NewAuthenticatedDataPackageReader does not load the entire package nor the entire data into memory. It streams the package while verifying, and returns an io.Reader that the caller may use to stream the authenticated data payload.
func PortFromAddr ¶
PortFromAddr is a helper which extracts a port number from a net.Addr or returns 0 if there is no port number.
func ReadAuthenticatedDataPackage ¶
func ReadAuthenticatedDataPackage(
	dataPackage []byte, isCompressed bool, signingPublicKey string) (string, error)
ReadAuthenticatedDataPackage extracts and verifies authenticated data from an AuthenticatedDataPackage. The package must have been signed with the given key.
Set isCompressed to false to read packages that are not compressed.
func TerminateHTTPConnection ¶ added in v1.0.6
func TerminateHTTPConnection(
	responseWriter http.ResponseWriter, request *http.Request)
TerminateHTTPConnection sends a 404 response to a client and also closes the persistent connection.
func TruncateTimestampToHour ¶
TruncateTimestampToHour truncates an RFC 3339 formatted string to hour granularity. If the input is not a valid format, the result is "".
func WriteAuthenticatedDataPackage ¶
func WriteAuthenticatedDataPackage(
	data string, signingPublicKey, signingPrivateKey string) ([]byte, error)
WriteAuthenticatedDataPackage creates an AuthenticatedDataPackage containing the specified data and signed by the given key. The output conforms with the legacy format here: https://bitbucket.org/psiphon/psiphon-circumvention-system/src/c25d080f6827b141fe637050ce0d5bd0ae2e9db5/Automation/psi_ops_crypto_tools.py
func WriteRuntimeProfiles ¶ added in v1.0.9
func WriteRuntimeProfiles(
	logger Logger, outputDirectory string, filenameSuffix string,
	blockSampleDurationSeconds int, cpuSampleDurationSeconds int)
WriteRuntimeProfiles writes Go runtime profile information to a set of files in the specified output directory. The profiles include "heap", "goroutine", and other selected profiles from: https://golang.org/pkg/runtime/pprof/#Profile.
The SampleDurationSeconds inputs determine how long to wait and sample profiles that require active sampling. When set to 0, these profiles are skipped.
Types ¶
type APIParameterLogFieldFormatter ¶ added in v1.0.5
type APIParameterLogFieldFormatter func(GeoIPData, APIParameters) LogFields
APIParameterLogFieldFormatter is a function that returns formatted LogFields containing the given GeoIPData and APIParameters.
type APIParameterValidator ¶ added in v1.0.5
type APIParameterValidator func(APIParameters) error
APIParameterValidator is a function that validates API parameters for a particular request or context.
type APIParameters ¶ added in v1.0.5
type APIParameters map[string]interface{}
APIParameters is a set of API parameter values, typically received from a Psiphon client and used/logged by the Psiphon server. The values are of varying types: strings, ints, arrays, structs, etc.
type ActivityMonitoredConn ¶
ActivityMonitoredConn wraps a net.Conn, adding logic to deal with events triggered by I/O activity.
When an inactivity timeout is specified, the network I/O will time out after the specified period of read inactivity. Optionally, for the purpose of inactivity only, ActivityMonitoredConn will also consider the connection active when data is written to it.
When a LRUConnsEntry is specified, then the LRU entry is promoted on either a successful read or write.
When an ActivityUpdater is set, then its UpdateProgress method is called on each read and write with the number of bytes transferred. The durationNanoseconds, which is the time since the last read, is reported only on reads.
func NewActivityMonitoredConn ¶
func NewActivityMonitoredConn(
	conn net.Conn, inactivityTimeout time.Duration, activeOnWrite bool,
	activityUpdater ActivityUpdater, lruEntry *LRUConnsEntry) (*ActivityMonitoredConn, error)
NewActivityMonitoredConn creates a new ActivityMonitoredConn.
func (*ActivityMonitoredConn) GetActiveDuration ¶
func (conn *ActivityMonitoredConn) GetActiveDuration() time.Duration
GetActiveDuration returns the time elapsed between the initialization of the ActivityMonitoredConn and the last Read. Only reads are used for this calculation since writes may succeed locally due to buffering.
func (*ActivityMonitoredConn) GetLastActivityMonotime ¶
func (conn *ActivityMonitoredConn) GetLastActivityMonotime() monotime.Time
GetLastActivityMonotime returns the arbitrary monotonic time of the last Read.
func (*ActivityMonitoredConn) GetStartTime ¶
func (conn *ActivityMonitoredConn) GetStartTime() time.Time
GetStartTime gets the time when the ActivityMonitoredConn was initialized. Reported time is UTC.
func (*ActivityMonitoredConn) IsClosed ¶
func (conn *ActivityMonitoredConn) IsClosed() bool
IsClosed implements the Closer interface. The return value indicates whether the underlying conn has been closed.
type ActivityUpdater ¶
type ActivityUpdater interface {
UpdateProgress(bytesRead, bytesWritten int64, durationNanoseconds int64)
}
ActivityUpdater defines an interface for receiving updates for ActivityMonitoredConn activity. Values passed to UpdateProgress are bytes transferred and conn duration since the previous UpdateProgress.
type AuthenticatedDataPackage ¶
type AuthenticatedDataPackage struct {
	Data                   string `json:"data"`
	SigningPublicKeyDigest []byte `json:"signingPublicKeyDigest"`
	Signature              []byte `json:"signature"`
}
AuthenticatedDataPackage is a JSON record containing some Psiphon data payload, such as list of Psiphon server entries. As it may be downloaded from various sources, it is digitally signed so that the data may be authenticated.
type CloseWriter ¶
type CloseWriter interface {
CloseWrite() error
}
CloseWriter defines the interface to a type, typically a net.TCPConn, that implements CloseWrite.
type Closer ¶
type Closer interface {
IsClosed() bool
}
Closer defines the interface to a type, typically a net.Conn, that can be closed.
type Conns ¶
type Conns struct {
// contains filtered or unexported fields
}
Conns is a synchronized list of Conns that is used to coordinate interrupting a set of goroutines establishing connections, or close a set of open connections, etc. Once the list is closed, no more items may be added to the list (unless it is reset).
type FileMigration ¶
type FileMigration struct {
	// OldPath is the current location of the file.
	OldPath string
	// NewPath is the location that the file should be moved to.
	NewPath string
	// IsDir should be set to true if the file is a directory.
	IsDir bool
}
FileMigration represents the action of moving a file, or directory, to a new location.
type GeoIPData ¶ added in v1.0.5
type GeoIPData struct {
	Country        string
	City           string
	ISP            string
	ASN            string
	ASO            string
	DiscoveryValue int
}
GeoIPData is type-compatible with psiphon/server.GeoIPData.
type IrregularIndicator ¶
type IrregularIndicator interface {
IrregularTunnelError() error
}
IrregularIndicator defines the interface for a type, typically a net.Conn, that detects and reports irregular conditions during initial network connection establishment.
type LRUConns ¶
type LRUConns struct {
// contains filtered or unexported fields
}
LRUConns is a concurrency-safe list of net.Conns ordered by recent activity. Its purpose is to facilitate closing the oldest connection in a set of connections.
New connections added are referenced by a LRUConnsEntry, which is used to Touch() active connections, promoting them to the front of the order, and to Remove() connections that are no longer LRU candidates.
CloseOldest() will remove the oldest connection from the list and call net.Conn.Close() on the connection.
After an entry has been removed, LRUConnsEntry Touch() and Remove() will have no effect.
func (*LRUConns) Add ¶
func (conns *LRUConns) Add(conn net.Conn) *LRUConnsEntry
Add inserts a net.Conn as the freshest connection in a LRUConns and returns an LRUConnsEntry to be used to freshen the connection or remove the connection from the LRU list.
func (*LRUConns) CloseOldest ¶
func (conns *LRUConns) CloseOldest()
CloseOldest closes the oldest connection in a LRUConns. It calls net.Conn.Close() on the connection.
type LRUConnsEntry ¶
type LRUConnsEntry struct {
// contains filtered or unexported fields
}
LRUConnsEntry is an entry in a LRUConns list.
func (*LRUConnsEntry) Remove ¶
func (entry *LRUConnsEntry) Remove()
Remove deletes the connection referenced by the LRUConnsEntry from the associated LRUConns. Has no effect if the entry was not initialized or previously removed.
func (*LRUConnsEntry) Touch ¶
func (entry *LRUConnsEntry) Touch()
Touch promotes the connection referenced by the LRUConnsEntry to the front of the associated LRUConns. Has no effect if the entry was not initialized or previously removed.
type LogFields ¶ added in v1.0.5
type LogFields map[string]interface{}
LogFields is type-compatible with psiphon/server.LogFields and logrus.LogFields.
type LogTrace ¶
type LogTrace interface {
	Debug(args ...interface{})
	Info(args ...interface{})
	Warning(args ...interface{})
	Error(args ...interface{})
}
LogTrace is interface-compatible with the return values from psiphon/server.TraceLogger.WithTrace/WithTraceFields.
type Logger ¶ added in v1.0.5
type Logger interface {
	WithTrace() LogTrace
	WithTraceFields(fields LogFields) LogTrace
	LogMetric(metric string, fields LogFields)
}
Logger exposes a logging interface that's compatible with psiphon/server.TraceLogger. This interface allows packages to implement logging that will integrate with psiphon/server without importing that package. Other implementations of Logger may also be provided.
type MetricsSource ¶ added in v1.0.9
type MetricsSource interface {
	// GetMetrics returns a LogFields populated with
	// metrics from the MetricsSource
	GetMetrics() LogFields
}
MetricsSource is an object that provides metrics to be logged.
type NetDialer ¶ added in v1.0.9
type NetDialer interface {
	Dial(network, address string) (net.Conn, error)
	DialContext(ctx context.Context, network, address string) (net.Conn, error)
}
NetDialer mimics the net.Dialer interface.
type RateLimits ¶
type RateLimits struct {
	// ReadUnthrottledBytes specifies the number of bytes to
	// read, approximately, before starting rate limiting.
	ReadUnthrottledBytes int64
	// ReadBytesPerSecond specifies a rate limit for read
	// data transfer. The default, 0, is no limit.
	ReadBytesPerSecond int64
	// WriteUnthrottledBytes specifies the number of bytes to
	// write, approximately, before starting rate limiting.
	WriteUnthrottledBytes int64
	// WriteBytesPerSecond specifies a rate limit for write
	// data transfer. The default, 0, is no limit.
	WriteBytesPerSecond int64
	// CloseAfterExhausted indicates that the underlying
	// net.Conn should be closed once either the read or
	// write unthrottled bytes have been exhausted. In this
	// case, throttling is never applied.
	CloseAfterExhausted bool
}
RateLimits specifies the rate limits for a ThrottledConn.
type ReloadableFile ¶
ReloadableFile is a file-backed Reloader. This type is intended to be embedded in other types that add the actual reloadable data structures.
ReloadableFile has a multi-reader mutex for synchronization. Its Reload() function obtains a write lock before reloading the data structures. The actual reloading action is provided via the reloadAction callback, which receives the content of the reloaded file, along with the file modification time, and must process the new data (for example, unmarshal the contents into data structures). All read access to the data structures should be guarded by RLocks on the ReloadableFile mutex.
reloadAction must ensure that data structures revert to their previous state when a reload fails.
func NewReloadableFile ¶
func NewReloadableFile(
	filename string, loadFileContent bool,
	reloadAction func([]byte, time.Time) error) ReloadableFile
NewReloadableFile initializes a new ReloadableFile.
When loadFileContent is true, the file content is loaded and passed to reloadAction; otherwise, reloadAction receives a nil argument and is responsible for loading the file. The latter option allows for cases where the file contents must be streamed, memory mapped, etc.
func (*ReloadableFile) LogDescription ¶
func (reloadable *ReloadableFile) LogDescription() string
func (*ReloadableFile) Reload ¶
func (reloadable *ReloadableFile) Reload() (bool, error)
Reload checks if the underlying file has changed and, when changed, invokes the reloadAction callback which should reload the in-memory data structures.
In some cases (e.g., traffic rules and OSL), there are penalties associated with proceeding with a reload, so care is taken not to invoke the reload action unless the contents have changed.
The file content is loaded and a checksum is taken to determine whether it has changed. Neither file size (may not change when content changes) nor modified date (may change when identical file is repaved) is a sufficient indicator.
All data structure readers should be blocked by the ReloadableFile mutex.
Reload must not be called from multiple concurrent goroutines.
func (*ReloadableFile) WillReload ¶
func (reloadable *ReloadableFile) WillReload() bool
WillReload indicates whether the ReloadableFile is capable of reloading.
type Reloader ¶
type Reloader interface {
	// Reload reloads the data object. Reload returns a flag indicating if the
	// reloadable target has changed and reloaded or remains unchanged. By
	// convention, when reloading fails the Reloader should revert to its previous
	// in-memory state.
	Reload() (bool, error)
	// WillReload indicates if the data object is capable of reloading.
	WillReload() bool
	// LogDescription returns a description to be used for logging
	// events related to the Reloader.
	LogDescription() string
}
Reloader represents a read-only, in-memory reloadable data object. For example, a JSON data file that is loaded into memory and accessed for read-only lookups; and from time to time may be reloaded from the same file, updating the memory copy.
type SubnetLookup ¶
SubnetLookup provides an efficient lookup for individual IPv4 addresses within a list of subnets.
func NewSubnetLookup ¶
func NewSubnetLookup(CIDRs []string) (SubnetLookup, error)
NewSubnetLookup creates a SubnetLookup from a list of subnet CIDRs.
func NewSubnetLookupFromRoutes ¶
func NewSubnetLookupFromRoutes(routesData []byte) (SubnetLookup, error)
NewSubnetLookupFromRoutes creates a SubnetLookup from text routes data. The input format is expected to be text lines where each line is, e.g., "1.2.3.0\t255.255.255.0\n"
func (SubnetLookup) ContainsIPAddress ¶
func (lookup SubnetLookup) ContainsIPAddress(addr net.IP) bool
ContainsIPAddress performs a binary search on the sorted subnet list to find a network containing the candidate IP address.
func (SubnetLookup) Less ¶
func (lookup SubnetLookup) Less(i, j int) bool
Less implements sort.Interface.
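The routes text format and the sorted binary search described above, as an added example that re-implements them independently of the project's own SubnetLookup (it assumes non-overlapping IPv4 subnets, as in a routes table, and IPv6 addresses are reported as not contained):

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
	"sort"
	"strings"
)

type subnet struct {
	network uint32
	mask    uint32
}

// SubnetLookup is a re-implementation, not the psiphon/common type: a slice of
// IPv4 subnets sorted by network address so that membership is a binary search.
// It assumes the subnets do not overlap (as in a routes table).
type SubnetLookup []subnet

func ipv4ToUint32(ip net.IP) (uint32, bool) {
	ip4 := ip.To4()
	if ip4 == nil {
		return 0, false // nil or IPv6: not representable in the table
	}
	return binary.BigEndian.Uint32(ip4), true
}

// NewSubnetLookupFromRoutes parses lines of the form "1.2.3.0\t255.255.255.0"
// (the routes format described above) and returns the sorted lookup table.
func NewSubnetLookupFromRoutes(routesData []byte) (SubnetLookup, error) {
	var lookup SubnetLookup
	scanner := bufio.NewScanner(bytes.NewReader(routesData))
	for scanner.Scan() {
		line := strings.TrimSpace(scanner.Text())
		if line == "" {
			continue
		}
		fields := strings.Split(line, "\t")
		if len(fields) != 2 {
			return nil, fmt.Errorf("invalid route line: %q", line)
		}
		network, okNet := ipv4ToUint32(net.ParseIP(fields[0]))
		mask, okMask := ipv4ToUint32(net.ParseIP(fields[1]))
		if !okNet || !okMask {
			return nil, fmt.Errorf("invalid IPv4 route: %q", line)
		}
		// Store the canonical network address so host bits in the input are ignored.
		lookup = append(lookup, subnet{network: network & mask, mask: mask})
	}
	if err := scanner.Err(); err != nil {
		return nil, err
	}
	sort.Sort(lookup)
	return lookup, nil
}

// Len, Swap and Less implement sort.Interface, ordering by network address.
func (lookup SubnetLookup) Len() int           { return len(lookup) }
func (lookup SubnetLookup) Swap(i, j int)      { lookup[i], lookup[j] = lookup[j], lookup[i] }
func (lookup SubnetLookup) Less(i, j int) bool { return lookup[i].network < lookup[j].network }

// ContainsIPAddress binary-searches for the last subnet whose network address is
// not above the candidate, then checks that the candidate falls under its mask.
func (lookup SubnetLookup) ContainsIPAddress(addr net.IP) bool {
	ip, ok := ipv4ToUint32(addr)
	if !ok {
		return false
	}
	i := sort.Search(len(lookup), func(k int) bool { return lookup[k].network > ip })
	if i == 0 {
		return false
	}
	candidate := lookup[i-1]
	return ip&candidate.mask == candidate.network
}
```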
type ThrottledConn ¶
ThrottledConn wraps a net.Conn with read and write rate limiters. Rates are specified as bytes per second. Optional unlimited byte counts allow for a number of bytes to read or write before applying rate limiting. Specify limit values of 0 to set no rate limit (unlimited counts are ignored in this case). The underlying rate limiter uses the token bucket algorithm to calculate delay times for read and write operations.
func NewThrottledConn ¶
func NewThrottledConn(conn net.Conn, limits RateLimits) *ThrottledConn
NewThrottledConn initializes a new ThrottledConn.
func (*ThrottledConn) Close ¶
func (conn *ThrottledConn) Close() error
func (*ThrottledConn) SetLimits ¶
func (conn *ThrottledConn) SetLimits(limits RateLimits)
SetLimits modifies the rate limits of an existing ThrottledConn. It is safe to call SetLimits while other goroutines are calling Read/Write. This function will not block, and the new rate limits will be applied within Read/Write, but not necessarily until some further I/O at previous rates.
Directories ¶
Path | Synopsis
---|---
accesscontrol | Package accesscontrol implements an access control authorization scheme based on digital signatures.
crypto |
crypto/internal/subtle | Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
crypto/nacl/secretbox | Package secretbox encrypts and authenticates small messages.
crypto/ssh | Package ssh implements an SSH client and server.
crypto/ssh/agent | Package agent implements the ssh-agent protocol, and provides both a client and a server.
crypto/ssh/knownhosts | Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
crypto/ssh/terminal | Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
crypto/ssh/test | Package test contains integration tests for the github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh package.
errors | Package errors provides error wrapping helpers that add inline, single frame stack trace information to error messages.
osl | Package osl implements the Obfuscated Server List (OSL) mechanism.
parameters | Package parameters implements dynamic, concurrency-safe parameters that determine Psiphon client behavior.
prng | Package prng implements a seeded, unbiased PRNG that is suitable for use cases including obfuscation, network jitter, load balancing.
quic | Package quic wraps github.com/lucas-clemente/quic-go with net.Listener and net.Conn types that provide a drop-in replacement for net.TCPConn.
sss | Package sss implements Shamir's Secret Sharing algorithm over GF(2^8).
stacktrace | Package stacktrace provides helpers for handling stack trace information.
tactics | Package tactics provides dynamic Psiphon client configuration based on GeoIP attributes, API parameters, and speed test data.
tun | Package tun is an IP packet tunnel server and client.
values | Package values provides a mechanism for specifying and selecting dynamic values employed by the Psiphon client and server.
wildcard | Package wildcard implements a very simple wildcard matcher which supports only the term '*', which matches any sequence of characters.